In the old days of CentOS 5, I had an application that ran as another user.  I created a .desktop file which ran a command that looked like this: gksu -u anotheruser someapplication When the user clicked the icon, a popup asked for the password of "anotheruser".  When the password was correct, "someapplication" started. Now in the modern days of CentOS 7, I can't find a replacement for this behaviour.  I tried beesu: beesu -l -P someapplication anotheruser but it is asking me for the root password instead of "anotheruser" password. I also tried pkexec: pkexec --user anotheruser someapplication with the same result. Both methods also have problems finding the correct display variable: Failed to parse arguments: Cannot open display: Any help will be appreciated.

I have installed CentOS 8 and there is no beesu, or gksu package. I have also tried to install some Fedora rpm packages of beesu, but without success. Previously I used CentOS 7 and I had a desktop shortcut for *Root terminal* like this:

[Desktop Entry]
Version=1.0
Type=Application
Exec=beesu exo-open --launch TerminalEmulator
Icon=gksu-root-terminal
StartupNotify=true
Terminal=false
Categories=Utility;X-XFCE;X-Xfce-Toplevel;
OnlyShowIn=XFCE;
Name=Terminal Emulator
Comment=Use the command line

What should I have instead?

I want to open config files in Notepadqq. When I try to do this normally, I get an error dialog with message "Permission denied" and options Ignore, Abort and Retry. Supposedly if gksu is detected Notepadqq will offer the option to retry as root, but it doesn't for me even though though I have gksu installed. Running gksu notepadqq in a terminal brings up the enter password dialog, and when I enter my password it disappears and nothing else happens. The terminal command ends with no output and Nqq doesn't launch. gksudo notepadqq has the same effect. sudo notepadqq nags about how you're not supposed to use sudo, but sudo notepadqq --allow-root succeeds in running it as root, with a different graphical theme. pkexec notepadqq gives: qt.qpa.screen: QXcbConnection: Could not connect to display Could not connect to any X display. How do I get edit files as root with Notepadqq?

There are a few icons on my (xfce4) desktop that use gksu, for example a root terminal. They used to work fine in debian stretch. Now, gksu asks for the root password (once, it manages to save it for the session), but then fails to start the terminal (there is a flash of a window being created and closed immediately, but I cannot make out what it would contain). When running in a terminal, the output is the following: :~$ gksu /usr/bin/x-terminal-emulator # posix_spawn avoided (fd close requested) # Failed to use specified server: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name :1.67 was not provided by any .service files # Falling back to default server. # posix_spawn avoided (fd close requested) # watch_fast: "/org/gnome/terminal/legacy/" (establishing: 0, active: 0) # unwatch_fast: "/org/gnome/terminal/legacy/" (active: 0, establishing: 1) # watch_established: "/org/gnome/terminal/legacy/" (establishing: 0) gksudo does work, although it erroneously prompts for the root password, but expects the user password. Google did not find me relevant hits about "gksu" debian buster error "Failed to use specified server: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name" :1.67 was not provided by any .service files and some variants. Can anyone suggest a fix for this?

I was following a link to add Xampp server in "Show all application" section where normally we can see all GUI apps installed. But it's different in case of Xampp. We have to do things manually. So I opened the file using: pkexec nano /usr/share/applications/xampp-control-panel.desktop Because I can't use this: 007@bond:~$ pkexec gedit /usr/share/applications/xampp-control-panel.desktop Unable to init server: Could not connect: Connection refused (org.gnome.gedit:17349): Gtk-WARNING **: 20:18:25.529: cannot open display: Anyhow when I tried putting to check whether Xampp run pkexec, I got this error: 007@bond:~$ Exec=pkexec /opt/lampp/manager-linux-x64.run bash: /opt/lampp/manager-linux-x64.run: Permission denied **My questions/doubt**: 1. Isn't **pkexec** is a replacement of **gksudo**? Then why don't it works sometimes?

I wrote a small bash script. It needs root password. There are two commands only, both of which need the permission. So, currently I must enter the superuser password **twice** - I don't want that. I linked the script to desktop. And I'm executing it from desktop I mean. My effort, which does not work: gksu -u root "iptables -D INPUT 7 && iptables -D INPUT 6"

I am using GKSU for switching user in my Linux terminal and I want to disable "Remember password" option in that Pop-up menu due to security reasons. I am not sure how to achieve that. Mentioned below is the only trial i tried in the system, which did not work too. gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /apps/gksu/save-to-keyring false System config: Os : Debian 8 Desktop Environment : LXDE Command used for this operation : gksu -u test /usr/bin/xterm Attached screenshot for the same I remember password option to be completely disabled

I've been configured a keyboard shortcuts and it is working with others. it doesn't work only with gksudo's window and special system menus. (my laptop is running with Linux Mint 18.2) below command is just example for watching gksudo's window. $ gksudo "gnome-terminal -e 'dmesg -w'" how can I fix this problems?

**Background:** I'm running linux mint on a VM env where i have a mounted folder that only root can access and i want my Deluge client to download my torrents to that folder. If i go on terminal and execute: sudo deluge it asks my password and runs as my_user with privileged rights. Ok untill far. Now i want to make a bash script to ask for password on screen, in a prompt manner. **Problem:** If i write my bash file as: /usr/bin/gksudo deluge or /usr/bin/gksudo -u root deluge i get the exact same result, i run deluge as root with all my env as root, my home folder is on root folder, so it doesn't import my_user preferences/configs nor my queued torrents. If i write my bash file as: /usr/bin/gksudo -u my_user deluge it runs as my_user and without elevated privileges, it doesn't have access to write on the shared folder. **The real question:** How can i write a bash script that allow me to run deluge as my_user (the same env) with elevated rights and prompting for password ? **PS:** I tried -k arg in many ways without success.

So I've got the following code that should check whether an npm package is installed: def is_installed(name, as_global=True): # Returns whether NPM package is installed. s = shell(_get_npm_command("ls -p --depth 0", as_global)) match = re.search(r'\b%s\b' % (name), s['stdout']) if match: return True return False With the shell function being a subprocess.Popen() wrapper: def shell(c, stdin=None, env={}): # Simplified wrapper for shell calls to subprocess.Popen() environ = os.environ environ["LC_ALL"] = "C" for x in env: environ[x] = env[x] if not "HOME" in environ: environ["HOME"] = "/root" p = subprocess.Popen(shlex.split(c), stderr=subprocess.PIPE, stdout=subprocess.PIPE, stdin=subprocess.PIPE, env=environ) data = p.communicate(stdin) return {"code": p.returncode, "stdout": data, "stderr": data} and with a get_npm_command like this: def _get_npm_command(command, as_global, path=None): # returns npm command if as_global: return _get_global_npm_command(command) else: return _get_local_npm_command(command, path) def _get_global_npm_command(command): # returns global npm command os.chdir(NPM_PATH) return "gksu -u npm 'npm " + command + " -g'" def _get_local_npm_command(command, install_path): # returns local npm command if install_path: os.chdir(install_path) return "npm " + command + " " As you can see, the eventual command is: gksu -u npm npm ls -p --depth 0 In other words, I've created a user called npm to install global npm packages, because not that long ago npm recommended that one should not use root privileges in order to use it. They've changed their minds, but I intend stick with this solution I've found on the web that someone came up with. Anyway, gksu prompts me with a password for this command, but npm is not meant to have a password and so I would like to be able to run this command without being asked a password for. I've tried the following: /etc/sudoers.d/arkos.sudo npm ALL=(ALL) NOPASSWD: /usr/bin/npm ..but that doesn't seem to have any effect.

So, I have a script that uses -S mount nfs -o proto=tcp,port=2049 … etc. to mount a location from another Linux computer. What does -S mean? It seems to work just fine with or without it (it doesn't work if I do such as gksu -- -S mount … etc. to launch it without a terminal emulator). I'm curious if I actually need -S for some reason, or if I can drop it to make gksu -- work, without consequences. Here's the script I wrote, for reference, with the IP address and paths changed to protect the paranoid: #!/bin/bash if mountpoint -q /home/myLaptop/myDesktop then notify-send -t 3000 "Warning" "It is already mounted." else gksu -- -S mount -t nfs -o proto=tcp,port=2049 192.168.0.x:/home/myLaptop /home/myLaptop/myDesktop if mountpoint -q /home/myLaptop/myDesktop then notify-send -t 3000 "Alert" "Mounted." else notify-send -t 3000 "Alert" "Mount failed." fi fi

A few weeks ago a colleague signed into my Fedora 22 workstation. He too is a group admin. Ever since then whenever I attempt to install or unlock the "Authentication Required" modal requires his password and not mine. How can I fix this? It's highly annoying. One thing I need to point out is that my workstation uses winbind for LDAP authentication. I'd love to switch to sssd, but I just haven't had time to rebuild my profile.

On one of my systems, I'm running Gentoo Linux and I've installed x11-libs/gksu-2.0.2-r1. I've disabled the root account using sudo passwd -dl root and I want to be able to run GUI apps which need root privileges using sudo. I've set gksu to use sudo for authentication using gksu-properties, but it's still asking me for *root* password when I launch an application that needs root privileges and not *mine*. What am I missing?

Apparently [gksudo is not obeying /etc/sudoers](https://unix.stackexchange.com/questions/168283/gksudo-not-honoring-configuration-in-etc-sudoers) , neither [does kdesu](https://bugs.kde.org/show_bug.cgi?id=20914) . Therefore asking the other way around... Is there any su-to-root, gksudo, kdesudo, etc. alike tool, that supports starting gui applications as root or different user with an option to skip entering a password?

Some time ago I posted a question which was related to whether it is possible to preserve environment variables when sudoing to a different user. As it turned out, this is indeed possible. When invoking gksudo today to execute a GUI application as the root user, I was expecting that the preservation of environment variables (in my case $HOME) would also work for gksudo as it is configured via the same file, namely /etc/sudoers. As it turned out, this does not seem to be the case. For example, executing sudo vim will start up an instance of vim, correctly getting the configuration from the invoking user's home folder because I configured sudo to preserve $HOME. But gksudo gvim will fire up a "vanilla" gvim instance. Is it necessary to separately configure gksudo to achieve what I want?

I have a problem with gksu command. It always ask for password only once even when I set Defaults passwd_tries=3 in /etc/sudoers file. Command: $ gksu -S --debug ls No ask_pass set, using default! xauth: /tmp/libgksu-h36DCX/.Xauthority STARTUP_ID: gksu/ls/5207-0-LIFEBOOK-A532_TIME5108327 cmd: /usr/bin/sudo cmd: -H cmd: -S cmd: -p cmd: GNOME_SUDO_PASS cmd: -u cmd: root cmd: -- cmd: ls buffer: -GNOME_SUDO_PASS- brute force GNOME_SUDO_PASS ended... Yeah, we're in... xauth: /tmp/libgksu-h36DCX/.Xauthority xauth_env: /home/mzajac/.Xauthority dir: /tmp/libgksu-h36DCX It does not ask for correct password again. **How can I fix it so it ask three times for correct password?** My sudo configuration: # sudo -V Sudo version 1.8.9p5 Configure options: --prefix=/usr -v --with-all-insults --with-pam --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --without-lecture --with-tty-tickets --disable-root-mailer --enable-admin-flag --with-sendmail=/usr/sbin/sendmail --with-timedir=/var/lib/sudo --mandir=/usr/share/man --libexecdir=/usr/lib/sudo --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux Sudoers policy plugin version 1.8.9p5 Sudoers file grammar version 43 Sudoers path: /etc/sudoers Authentication methods: 'pam' Syslog facility if syslog is being used for logging: authpriv Syslog priority to use when user authenticates successfully: notice Syslog priority to use when user authenticates unsuccessfully: alert Send mail if user authentication fails Send mail if the user is not in sudoers Use a separate timestamp for each user/tty combo Lecture user the first time they run sudo Require users to authenticate by default Root may run sudo Allow some information gathering to give useful error messages Require fully-qualified hostnames in the sudoers file Visudo will honor the EDITOR environment variable Set the LOGNAME and USER environment variables Length at which to wrap log file lines (0 for no wrap): 80 Authentication timestamp timeout: 15.0 minutes Password prompt timeout: 0.0 minutes Number of tries to enter a password: 3 Umask to use or 0777 to use user's: 022 Path to mail program: /usr/sbin/sendmail Flags for mail program: -t Address to send mail to: root Subject line for mail messages: *** SECURITY information for %h *** Incorrect password message: Sorry, try again. Path to authentication timestamp dir: /var/lib/sudo Default password prompt: [sudo] password for %p: Default user to run commands as: root Value to override user's $PATH with: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Path to the editor for use by visudo: /usr/bin/editor When to require a password for 'list' pseudocommand: any When to require a password for 'verify' pseudocommand: all File descriptors >= 3 will be closed before executing a command Reset the environment to a default set of variables Environment variables to check for sanity: TERM LINGUAS LC_* LANGUAGE LANG COLORTERM Environment variables to remove: RUBYOPT RUBYLIB PYTHONUSERBASE PYTHONINSPECT PYTHONPATH PYTHONHOME TMPPREFIX ZDOTDIR READNULLCMD NULLCMD FPATH PERL5DB PERL5OPT PERL5LIB PERLLIB PERLIO_DEBUG JAVA_TOOL_OPTIONS SHELLOPTS GLOBIGNORE PS4 BASH_ENV ENV TERMCAP TERMPATH TERMINFO_DIRS TERMINFO _RLD* LD_* PATH_LOCALE NLSPATH HOSTALIASES RES_OPTIONS LOCALDOMAIN CDPATH IFS Environment variables to preserve: XAUTHORIZATION XAUTHORITY TZ PS2 PS1 PATH LS_COLORS KRB5CCNAME HOSTNAME HOME DISPLAY COLORS Locale to use while parsing sudoers: C Directory in which to store input/output logs: /var/log/sudo-io File in which to store the input/output log: %{seq} Add an entry to the utmp/utmpx file when allocating a pty PAM service name to use PAM service name to use for login shells Create a new PAM session for the command to run in Maximum I/O log sequence number: 0 Local IP address and netmask pairs: 10.50.52.47/255.255.252.0 fe80::2ed4:44ff:fea2:2c4d/ffff:ffff:ffff:ffff:: Sudoers I/O plugin version 1.8.9p5 My /etc/sudoers file (I tried setting passwd_tries=3 but removed it because it didn't work): # # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d /etc/pam.d/sudo : #%PAM-1.0 auth required pam_env.so readenv=1 user_readenv=0 auth required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 @include common-auth @include common-account @include common-session-noninteractive /etc/pam.d/common-account: # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config /etc/pam.d/common-auth: # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) auth [success=1 default=ignore] pam_unix.so nullok_secure # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) auth optional pam_ecryptfs.so unwrap auth optional pam_cap.so # end of pam-auth-update config /etc/pam.d/common-session-noninteractive : # # /etc/pam.d/common-session-noninteractive - session-related modules # common to all non-interactive services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of all non-interactive sessions. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # The pam_umask module will set the umask according to the system default in # /etc/login.defs and user settings, solving the problem of different # umask settings with different shells, display managers, remote sessions etc. # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so session optional pam_ecryptfs.so unwrap # end of pam-auth-update config

gksu doesn't has an option like sudo has to pass the password to it in the following way:

echo 'password' | sudo -S command

Anyway I wonder which is the simplest way to pass my password to gksu. What I found until now is:

parallel -j 2 -- "gksu command" "( sleep 1; xdotool type 'password';  xdotool key 'Return' )"

But this doesn't look so good for me (parallel and xdotool must to be installed, there is some time spent until the password is passed, the window which asking password is not avoided). So, is there a better way? --- Note: I'm not interested to edit the sudoers file or in explanations like "*don't do this, it's not safety!*".

Every time I want to open a GUI program that needs root permissions, I have to put my password. For example, I open synaptic and put my password then close it and a second later decide to reopen it it asks for the password again. Ubuntu 9.04 wasn't like that, it had a timeout of around 1 minute between sessions. I would like that again on the newer version of Linux. I know how to make sudo sessions last longer in Linux. All I have to do is type: sudo visudo then change: Defaults env_reset to (3 minutes): Defaults env_reset,timestamp_timeout=3 Is there a similar way to change the gksu session's timemouts?